Add CORS configuration and exempt debug endpoint from tenant validation

- Add CORS policy to allow frontend requests from localhost:3000 - Exempt /api/debug endpoints from tenant validation - Fix JSON parsing in realm_access claim checks
2026-03-20 09:42:16 +01:00
parent b52d75591b
commit a3ca12da26
2 changed files with 29 additions and 9 deletions
@@ -22,14 +22,15 @@ public class TenantValidationMiddleware
            return;
        }

-        // Exempt bootstrap and admin endpoints from tenant validation
-        if (context.Request.Path.StartsWithSegments("/api/clubs/me") ||
-            context.Request.Path.StartsWithSegments("/api/admin"))
-        {
-            _logger.LogInformation("TenantValidationMiddleware: Exempting {Path} from tenant validation", context.Request.Path);
-            await _next(context);
-            return;
-        }
+    // Exempt bootstrap, admin, and debug endpoints from tenant validation
+    if (context.Request.Path.StartsWithSegments("/api/clubs/me") ||
+        context.Request.Path.StartsWithSegments("/api/admin") ||
+        context.Request.Path.StartsWithSegments("/api/debug"))
+    {
+      _logger.LogInformation("TenantValidationMiddleware: Exempting {Path} from tenant validation", context.Request.Path);
+      await _next(context);
+      return;
+    }

        if (!context.Request.Headers.TryGetValue("X-Tenant-Id", out var tenantIdHeader) ||
            string.IsNullOrWhiteSpace(tenantIdHeader))